Have just found: ZipFile zipFile = new ZipFile(context.getPackageCodePath()); ZipEntry zipEntry = zipFile.getEntry(new String(Common.CLASS_DEX)); int crc = zipEntry.getCrc();
Will try it out. On Jul 11, 6:47 pm, Richard <[email protected]> wrote: > So how can I get md5 ofdexfilein runtime? > > On Jul 11, 6:39špm, Raghav Sood <[email protected]> wrote: > > > > > > > > > Probably not the best method but you can have it send an md5 of its contents > > to your web server, generated at run time. If the md5 matches the md5 you > > have on your server pre defined then its authentic. The md5 will be > > different for all versions of your app and you must only generate it using > > non changing resources. Preferably using yourdexfileas that will return a > > different md5 if a hacker changes its contents. > > > On Mon, Jul 11, 2011 at 7:58 PM, Richard <[email protected]> wrote: > > > Ok, but is there any way to be sure that it's the original package? I > > > use open key to encode data in my app so hacker never sees comparison > > > explicitly, but of course if he know my signature open key this > > > doesn't help. What can you advise? As I see Android does everything to > > > make all our efforts useless - even with ProGuard. Using several tools > > > everyone can open your package, almost restore source files, > > > resources, edit the code and compile again. Virtually no way to fight > > > against piracy. But I thought if I can check modifications, I'll have > > > the cure. > > > Do you happen to know is there a way to check package'sCRC? > > > > On Jul 11, 6:01 pm, Kostya Vasilyev <[email protected]> wrote: > > > > I don't believe that hackers use the API - they process your application > > > at > > > > another computer, and create a new package, signed with a new key. > > > > > The hacked package has code to intercept that PackageManager call, and > > > > return your original signature. > > > > > -- > > > > Kostya Vasilyev > > > > 11.07.2011 17:54 ÐÏÌØÚÏ×ÁÔÅÌØ "Richard" <[email protected]> ÎÁÐÉÓÁÌ: > > > > > > Hi all, > > > > > using this code: > > > > > > PackageManager pm = getPackageManager(); > > > > > try > > > > > { > > > > > PackageInfo info = pm.getPackageInfo(getPackageName(), 64); > > > > > Signature [] sig = info.signatures; > > > > > sigstring = new String(sig[0].toChars()); > > > > > } > > > > > catch (Exception e) > > > > > { > > > > > e.printStackTrace(); > > > > > } > > > > > return sigstring; > > > > > > I can get signature of every package in the system. > > > > > > How can I deny other apps (except my apps and Android system) to read > > > > > my package signature? > > > > > I want to make sure it is original app, not changed by hacker (i.e. > > > > > signed by my own private key) when run. But for now I see that hacker > > > > > can easily patch my code by embedding signature, he read from my > > > > > original package. > > > > > Maybe there is another way to make sure package is original? > > > > > > -- > > > > > You received this message because you are subscribed to the Google > > > > > Groups "Android Developers" group. > > > > > To post to this group, send email to > > > [email protected] > > > > > To unsubscribe from this group, send email to > > > > > [email protected] > > > > > For more options, visit this group at > > > > >http://groups.google.com/group/android-developers?hl=en > > > > -- > > > You received this message because you are subscribed to the Google > > > Groups "Android Developers" group. > > > To post to this group, send email to [email protected] > > > To unsubscribe from this group, send email to > > > [email protected] > > > For more options, visit this group at > > >http://groups.google.com/group/android-developers?hl=en > > > -- > > Raghav > > Soodhttp://www.raghavsood.com/http://wiki.androidappcheck.com/http://www.... -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
